Industry View

5 Steps for Achieving Effective Mobile Security Governance

How do you keep mobile security intact as devices proliferate? Consultant Robert Zhang breaks down the keys to success.

By Robert Zhang, GlassHouse Technologies

Page 3

Organizations should put employees in the driver's seat of an effective security governance effort. Informed users can become the most critical layer of defense in any risk mitigation strategy.

Establishing a Baseline Security Configuration
As the use of mobile technologies in business increases, more and more critical business and sensitive personal information is being collected, processed and transmitted over shared wireless networks. Mobile devices need to be configured adequately to protect the device itself and data on it from unauthorized use, data disclosure and malicious attacks.

During the planning phase of a mobile device deployment, all devices should be required to meet a baseline defined by the corporate security policy. A baseline security configuration may include:

  • Password protection at power-on
  • File or directory encryption
  • VPN for email and internal network access
  • On-device firewall
  • AV software
  • Latest security patches

Enforcing the baseline security configuration on all devices gives an organization a bottom line of defense on each device. As with hardening an Internet-facing system, on-device resources, wireless interfaces (e.g. WiFi, Bluetooth, RFID, wireless printing) and application functions should be minimized to reduce the exposure to wireless attacks.
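A baseline is only useful if it is checked. The following is an added example, not code from the article or from GlassHouse Technologies: it evaluates a device inventory against the baseline controls listed above and against the interface-minimization guidance, and reports every device that fails a control. The record format (field names such as `power_on_password`, `patch_level`, `interface_exceptions`), the 30-day patch-age threshold and the sample devices are all constructed assumptions; a real MDM export would need to be mapped onto these fields.

```python
"""Baseline compliance check for mobile device inventory records (added example)."""
from datetime import date, timedelta

# Maximum age of the installed patch level before a device is flagged (assumed policy value).
MAX_PATCH_AGE_DAYS = 30

# Radios the baseline expects to be off unless a documented exception exists (assumption).
OPTIONAL_INTERFACES = ("bluetooth", "nfc", "wifi_direct")

# Boolean controls taken from the article's baseline list, keyed by the assumed record field.
REQUIRED_CONTROLS = {
    "power_on_password": "password protection at power-on",
    "storage_encrypted": "file or directory encryption",
    "vpn_profile": "VPN for email and internal network access",
    "firewall_enabled": "on-device firewall",
    "av_installed": "AV software",
}


def check_device(record, today=None):
    """Return a sorted list of baseline findings for one device record.

    `record` is a dict in a constructed format: the REQUIRED_CONTROLS keys (bool),
    `patch_level` (ISO date string), `interfaces_enabled` and `interface_exceptions`
    (lists of interface names). `today` may be a date or an ISO date string.
    """
    if today is None:
        today = date.today()
    elif isinstance(today, str):
        today = date.fromisoformat(today)

    findings = []
    for key, label in REQUIRED_CONTROLS.items():
        if not record.get(key, False):          # absent counts as not configured
            findings.append(f"missing: {label}")

    # Patch currency: an unknown or unparsable patch level is treated as a failure.
    try:
        patched = date.fromisoformat(record["patch_level"])
        if today - patched > timedelta(days=MAX_PATCH_AGE_DAYS):
            findings.append(
                f"stale patches: level {record['patch_level']} older than {MAX_PATCH_AGE_DAYS} days"
            )
    except (KeyError, ValueError):
        findings.append("stale patches: patch level unknown")

    # Attack-surface minimization: optional radios enabled without a recorded exception.
    exceptions = set(record.get("interface_exceptions", []))
    for iface in record.get("interfaces_enabled", []):
        if iface in OPTIONAL_INTERFACES and iface not in exceptions:
            findings.append(f"unneeded interface enabled: {iface}")

    return sorted(findings)


def noncompliant_devices(inventory, today=None):
    """Map device_id -> findings for every device that fails at least one control."""
    report = {}
    for rec in inventory:
        findings = check_device(rec, today)
        if findings:
            report[rec["device_id"]] = findings
    return report


# Constructed sample inventory; these are not real devices.
SAMPLE_INVENTORY = [
    {"device_id": "dev-001", "power_on_password": True, "storage_encrypted": True,
     "vpn_profile": True, "firewall_enabled": True, "av_installed": True,
     "patch_level": "2009-09-15", "interfaces_enabled": ["wifi", "bluetooth"],
     "interface_exceptions": ["bluetooth"]},   # headset use approved in writing
    {"device_id": "dev-002", "power_on_password": False, "storage_encrypted": True,
     "vpn_profile": True, "firewall_enabled": False, "av_installed": True,
     "patch_level": "2009-06-01", "interfaces_enabled": ["wifi", "bluetooth", "nfc"]},
    {"device_id": "dev-003", "power_on_password": True, "storage_encrypted": False,
     "vpn_profile": False, "firewall_enabled": True, "av_installed": False,
     "interfaces_enabled": ["wifi"]},           # no patch level reported at all
]

if __name__ == "__main__":
    # Fixed reference date so the sample output is reproducible.
    for dev, issues in noncompliant_devices(SAMPLE_INVENTORY, today="2009-10-01").items():
        print(dev)
        for issue in issues:
            print("  -", issue)
```

Treating a missing field as a failure, rather than skipping it, is deliberate: a device that does not report its encryption state or patch level is precisely the one that needs a follow-up, and a check that silently passes such records would hide the gap.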

Building a Mobile-Aware IT Infrastructure
Organizations may have well-defined IT tools in place to manage enterprise systems (e.g., servers, networking and storage). As advanced mobile devices become increasingly used in business applications, their role has quickly shifted from email access to business transactions against back-end database systems (e.g. ERP, CRM and SFA). At the same time, growing business mobility is pushing the traditional IT boundary outside the organization's perimeter.

Organizations need to implement strong authentication and role-based data access and distribution. Strong passwords should be enforced, and two-factor authentication (e.g. a software token) should be required for user groups that need additional security. Existing network-based segregation or zoning should be revised to be data-centric and extended to mobile users and devices.

To avoid increased integration cost, and later challenges in software support and upgrades, organizations should plan a centralized device management solution at the time of device deployment, ideally integrated directly with the existing IT systems for network, application, server and device management. A number of advanced solutions exist today that support multiple platforms from a centralized enterprise console. With them, IT managers gain proactive control over device usage, configuration settings, software updates and security patching. In particular, remote password reset, device lock and remote wipe are necessary features in many cases. Such a solution should deploy with little or no user involvement, integrate easily with the existing directory structure, and scale to a large number of users with diverse devices on different wireless networks.
